Skip links

Triarii for Sentinel Service

Triarii for Sentinel hunts, detects, prevents, and responds to cyber-threats across your entire enterprise. Enhancing Azure Sentinel with our expert analysts, processes and technology ensures that your systems and environment are kept secure.
Here are the features you will get as part of the service.

24/7 Security Operations Centre (SOC)

Triarii for Sentinel provides a fully managed SOC service, so you gain the expertise of our staff watching your estate 24x7x365.

Reduced Mean Time To Respond (MTTR)

The longer the attacker is active in your network, the more damage they can do. By managing the automated response capabilities of Azure Sentinel, attacks will be stopped within seconds.


The service is aligned to the recognised tactics of the MITRE ATT&CK framework. The framework captures the tactics and techniques used by adversaries. Using this framework to understand the motivation behind attackers’ actions enables our analysts to better classify attacks, assess the risks, and prioritise action accordingly.

Under your control

It’s your data, in your tenancy. The location of the data, charges for collection and processing, and the access to that data is entirely within your control. We provide you the cyber specialists working around the clock to deliver the actionable intelligence you need to remain secure.

Suspicious email analysis

Our analysts investigate emails deemed suspicious by users. By analysing the source and content of such messages we are able to provide an assessment of the threat and recommend actions to be taken.

Total visibility

Total visibility is achieved by Cloud services and non-Microsoft hosted devices being ingested into the service and monitored by Falanx Cyber. Removing the need for multiple security monitoring solutions, our clients can be confident that Falanx Cyber is providing protection for their entire organisation.

Full feature list

Alerting any time, day or night, including weekends and bank holidays.

We will let you know if and when a breach looks to be starting or if an automated response has been taken.

Summary reporting of the incidents raised and dealt with over the prior period at both a business and technical level.

Our analysts manually search log data, leveraging threat hunting frameworks, to look for signs of intrusion which automated systems miss.

Monitors the deep, dark and surface web for instances of usernames & passwords associated with customer’s domains.

Send questionable emails to our Cyber Security specialists who will investigate and advise as to their threat level / safety.

Get ahead of attackers by identifying risk areas in your network and taking remedial action to protect against attack before it happens.

Our service utilises your Azure Sentinel instance, to provide collection, indexing, filtering and alerting of suspicious log activity.

Monitoring of changes and updates to key files and their attributes.

Defender for Endpoint protects user devices against multiple threat vectors including viruses, malware and file-less attacks.

You will have access to the same data as our SOC Analysts, able to see log events, alerts and analytics first-hand.  Azure dashboards provide readily understood consolidated summary information suitable for management consumption. Get the big picture with single pane of glass visibility of your enterprise.

We leverage multiple sources to supplement Azure Sentinel and collate information about threats and threat actors that will mitigate harmful events.

Monitor system and application configurations against security policies using Defender for Endpoint.

All data remains within the client Azure environment, and retention policies are configurable to meet client requirements.

Access to Azure Sentinel is via encrypted sessions and controlled granularly using Azure Lighthouse enabling cross-customer and resource management at scale. This ensures we only have access to the data specified and shared within Azure Sentinel for monitoring. This remains under your full control at all times.

The service is delivered against the MITRE ATT&CK framework, in-built by Microsoft within the Azure tools. In  addition, Falanx Cyber will develop rules, queries and alerts are also aligned to the MITRE ATT&CK tactics.

Security Orchestration Automated Response (SOAR) provides the ability to perform automated responses based on defined detections. reducing Mean Time To Respond (MTTR) to seconds.

Cloud services and non-Microsoft hosted devices can be ingested and monitored, connected with Azure Sentinel using built-in connectors, Common Event Format (CEF), Syslog or REST-API.

UK Based SOC

All our services are delivered by our approachable and experienced team of cyber specialists working as an extension of your IT team.

Turnkey Service

Simple to roll-out and designed to fit within your existing security processes, our MDR service works across your whole organisation, securing your entire environment.